Distributed malware detection system and submission workflow thereof

    Publication number: US11632392B1

    Publication date: 2023-04-18

    Application number: US16840584

    Filing date: 2020-04-06

    Applicant: FireEye, Inc.

    Inventor: Alexander Otvagin

    IPC classification: H04L9/40 G06F9/455

    Abstract: As described, a cloud-based enrollment service is configured to advertise the features and capabilities of clusters that perform malware analyses within a cloud-based malware detection system. Upon receiving an enrollment request message including tenant credentials associated with a sensor that has an object to be analyzed for malware, the enrollment service uses the tenant credentials to authenticate the sensor and to determine the type of subscription assigned to it. The enrollment service then transmits an enrollment response message including a portion of the advertised features and capabilities of a selected cluster of the malware detection system. The advertised features and capabilities include the information the sensor needs to establish direct communications with the selected cluster.
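    The enrollment exchange described in this abstract, as an added illustration rather than code from the patent or from FireEye. It assumes HMAC-SHA256 over the request fields as the tenant credential, a least-loaded cluster selection rule, and a per-subscription entitlement table; the tenants, clusters and capability names are constructed for the example.

```python
import hashlib
import hmac

# Constructed tenant table for the example: tenant_id -> (shared secret, subscription type).
TENANTS = {
    "tenant-a": (b"secret-for-tenant-a", "basic"),
    "tenant-b": (b"secret-for-tenant-b", "premium"),
}

# Constructed cluster advertisements: what each analysis cluster tells the enrollment
# service it offers, which subscription types it serves, and its current load.
CLUSTERS = [
    {"name": "cluster-1", "endpoint": "10.0.1.10:8443", "serves": {"basic", "premium"},
     "capabilities": {"static", "sandbox-win10"}, "load": 0.7},
    {"name": "cluster-2", "endpoint": "10.0.2.10:8443", "serves": {"premium"},
     "capabilities": {"static", "sandbox-win10", "sandbox-linux", "memory-forensics"}, "load": 0.2},
]

# Capabilities a sensor of each subscription type is entitled to learn about (assumed policy).
ENTITLEMENTS = {
    "basic": {"static", "sandbox-win10"},
    "premium": {"static", "sandbox-win10", "sandbox-linux", "memory-forensics"},
}


def sign(tenant_id, sensor_id, nonce, secret):
    """HMAC-SHA256 over the request fields; the shared secret itself never leaves the sensor."""
    msg = f"{tenant_id}|{sensor_id}|{nonce}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def make_enrollment_request(tenant_id, sensor_id, nonce, secret):
    """Sensor side: build the enrollment request message carrying the tenant credentials."""
    return {"tenant_id": tenant_id, "sensor_id": sensor_id, "nonce": nonce,
            "mac": sign(tenant_id, sensor_id, nonce, secret)}


def authenticate(request):
    """Service side: verify the credentials and return the subscription type, or None."""
    entry = TENANTS.get(request.get("tenant_id"))
    if entry is None:
        return None
    secret, subscription = entry
    expected = sign(request["tenant_id"], request["sensor_id"], request["nonce"], secret)
    # Constant-time comparison so a forged MAC cannot be refined byte by byte.
    if not hmac.compare_digest(expected, request.get("mac", "")):
        return None
    return subscription


def select_cluster(subscription):
    """Pick the least-loaded cluster that serves this subscription type."""
    eligible = [c for c in CLUSTERS if subscription in c["serves"]]
    return min(eligible, key=lambda c: c["load"]) if eligible else None


def enroll(request):
    """Full flow: authenticate -> subscription type -> cluster -> filtered advertisement."""
    subscription = authenticate(request)
    if subscription is None:
        return {"status": "rejected"}
    cluster = select_cluster(subscription)
    if cluster is None:
        return {"status": "no_cluster_available"}
    # Only the portion of the advertisement this subscription is entitled to is disclosed,
    # together with the endpoint the sensor will contact directly from now on.
    visible = cluster["capabilities"] & ENTITLEMENTS[subscription]
    return {"status": "enrolled", "cluster": cluster["name"],
            "endpoint": cluster["endpoint"], "capabilities": sorted(visible)}


if __name__ == "__main__":
    req = make_enrollment_request("tenant-b", "sensor-42", "nonce-1", TENANTS["tenant-b"][0])
    print(enroll(req))
```

    A real service would also record each nonce it has seen for a tenant and reject repeats, otherwise a captured enrollment request can be replayed to learn the current cluster endpoint; the example leaves that bookkeeping out.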

    Timeout management services
    Status: Granted

    Publication number: US10671721B1

    Publication date: 2020-06-02

    Application number: US15390930

    Filing date: 2016-12-27

    Applicant: FIREEYE, INC.

    Abstract: A scalable threat detection system features computing nodes, including a first computing node and a second computing node, operating as a cluster. Each computing node features an analysis coordinator and an object analyzer. The analysis coordinator is configured to analyze metadata associated with a suspicious object that is to be analyzed for malware, where the metadata is received from a remotely located network device, and to store a portion of the metadata within a data store. The object analyzer is configured to retrieve that portion of the metadata from the data store, monitor how long the metadata has been retained in the data store, and determine that a timeout event has occurred for the associated object when the retention time exceeds a timeout value included as part of the metadata for the suspicious object.

    System and method for distributed cluster configuration monitoring and management

    Publication number: US11228491B1

    Publication date: 2022-01-18

    Application number: US16022644

    Filing date: 2018-06-28

    Applicant: FireEye, Inc.

    Abstract: A cyber-threat detection system that maintains consistency in the local configurations of one or more computing nodes forming a cluster for cyber-threat detection is described. The system features a distributed data store for storage of at least a reference configuration, and a management engine deployed within each computing node, including the first computing node, configured to obtain data associated with the reference configuration from the distributed data store. From such data, the management engine is configured to detect when the shared local configuration is non-compliant with the reference configuration and to upload information associated with the non-compliant shared local configuration into the distributed data store. Upon notification, the security administrator may initiate administrative controls either to allow the non-compliant shared local configuration or to modify the shared local configuration so that it complies with the reference configuration.
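    The compliance loop described in this abstract, as an added example that is not code from the patent or from FireEye. The distributed data store is modelled in memory, the configuration keys are constructed, and the two administrative outcomes (allow the deviation, or remediate to the reference) are shown as explicit operations.

```python
import copy

# Constructed reference configuration an administrator published to the distributed data store.
REFERENCE_CONFIG = {
    "sandbox.timeout_sec": 120,
    "tls.min_version": "1.2",
    "updates.channel": "stable",
    "analysis.max_parallel": 8,
}

_MISSING = object()  # sentinel distinguishing "key absent" from "value is None"


def find_deviations(local, reference):
    """Return {key: (local_value, reference_value)} for every non-compliant key.
    A key missing locally is reported with local_value None; a key present locally
    but absent from the reference is reported with reference_value None."""
    deviations = {}
    for key, ref_value in reference.items():
        local_value = local.get(key, _MISSING)
        if local_value is _MISSING or local_value != ref_value:
            deviations[key] = (None if local_value is _MISSING else local_value, ref_value)
    for key in local.keys() - reference.keys():
        deviations[key] = (local[key], None)
    return deviations


class DistributedStore:
    """In-memory stand-in for the cluster-wide distributed data store."""
    def __init__(self, reference):
        self.reference = copy.deepcopy(reference)
        self.reports = []       # non-compliance uploads from management engines
        self.allowed = {}       # node -> keys an administrator explicitly allowed to deviate

    def upload_report(self, node, deviations):
        self.reports.append({"node": node, "deviations": deviations})

    def allow_deviation(self, node, key):
        self.allowed.setdefault(node, set()).add(key)


class ManagementEngine:
    """Runs inside each computing node; compares the node's shared local configuration
    with the reference configuration fetched from the distributed store."""
    def __init__(self, node, local_config, store):
        self.node = node
        self.local = dict(local_config)
        self.store = store

    def check(self):
        """Detect non-compliance, ignoring deviations the administrator already allowed,
        and upload anything actionable to the store."""
        deviations = find_deviations(self.local, self.store.reference)
        allowed = self.store.allowed.get(self.node, set())
        actionable = {k: v for k, v in deviations.items() if k not in allowed}
        if actionable:
            self.store.upload_report(self.node, actionable)
        return actionable

    def remediate(self, keys):
        """Administrator chose to bring the node back to the reference for these keys."""
        reference = self.store.reference
        for key in keys:
            if key in reference:
                self.local[key] = reference[key]
            else:
                self.local.pop(key, None)
```

    Note that a key present only locally (here a debug switch) is treated as a deviation too; a drift check that only walks the reference keys would miss an extra setting silently added on one node.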

    Malware detection system with contextual analysis

    Publication number: US10581874B1

    Publication date: 2020-03-03

    Application number: US14986417

    Filing date: 2015-12-31

    Applicant: FireEye, Inc.

    IPC classification: H04L9/00 H04L29/06 H04L29/08

    Abstract: A computerized method for detecting malware associated with an object. The method analyzes the object to obtain a first set of attributes, which comprise one or more characteristics of the object itself. The object is also processed within a virtual machine to obtain a second set of attributes, which correspond to one or more behaviors of the virtual machine monitored during processing of the object. A threat index is then determined based, at least in part, on a combination of at least one attribute from the first set and at least one attribute from the second set. The threat index represents a probability of maliciousness associated with the object.
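    One way to compute such a threat index, added here as an illustration and not taken from the patent or any FireEye product: static attributes and sandbox behaviors each contribute a log-odds term, and a third table scores specific static/dynamic pairs so that the same behavior weighs differently depending on what kind of object produced it. All weights and the prior are constructed.

```python
import math

# Constructed evidence weights expressed as log-odds contributions (hypothetical values).
# Positive pushes toward malicious, negative toward benign.
STATIC_WEIGHTS = {          # first attribute set: characteristics of the object itself
    "type:pdf": 0.1, "type:docm": 0.5, "type:exe": 0.3,
    "has_macro": 1.2, "high_entropy": 0.8, "signed_by_trusted_ca": -2.0,
}
BEHAVIOR_WEIGHTS = {        # second attribute set: behaviors monitored in the virtual machine
    "spawns_shell": 1.5, "writes_run_key": 1.8, "beacons_out": 1.6, "injects_process": 2.0,
}
# Contextual pairs: a behavior that is far more telling given a particular static attribute.
# A PDF or macro document spawning a shell is the classic case; a trusted-signed binary
# injecting into another process is another.
CONTEXT_WEIGHTS = {
    ("type:pdf", "spawns_shell"): 3.0,
    ("type:docm", "spawns_shell"): 2.5,
    ("signed_by_trusted_ca", "injects_process"): 1.5,
}
PRIOR_LOGIT = -3.0          # assumed base rate: roughly 5% of submitted objects are malicious


def threat_index(static_attrs, behaviors):
    """Probability of maliciousness from the combined static and dynamic evidence."""
    static_attrs, behaviors = set(static_attrs), set(behaviors)
    logit = PRIOR_LOGIT
    logit += sum(STATIC_WEIGHTS.get(a, 0.0) for a in static_attrs)
    logit += sum(BEHAVIOR_WEIGHTS.get(b, 0.0) for b in behaviors)
    logit += sum(w for (a, b), w in CONTEXT_WEIGHTS.items()
                 if a in static_attrs and b in behaviors)
    return 1.0 / (1.0 + math.exp(-logit))   # logistic function: log-odds -> probability


def classify(static_attrs, behaviors, threshold=0.5):
    """Verdict plus the rounded threat index, for reporting."""
    p = threat_index(static_attrs, behaviors)
    return ("malicious" if p >= threshold else "benign"), round(p, 3)


if __name__ == "__main__":
    print(classify({"type:pdf"}, {"spawns_shell"}))   # document spawning a shell
    print(classify({"type:exe"}, {"spawns_shell"}))   # executable spawning a shell
```

    The two sample calls show the point of the contextual term: the identical behavior (a shell launch) lands above the threshold for a PDF and well below it for an executable, because only the pair table knows that one of those is normal and the other is not.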

    Modular architecture for analysis database

    Publication number: US09787706B1

    Publication date: 2017-10-10

    Application number: US15254902

    Filing date: 2016-09-01

    Applicant: FireEye, Inc.

    IPC classification: H04L29/06 G06F17/30

    Abstract: A modularized architecture using vertical partitioning of a database is configured to store object metadata and the processing results of one or more objects analyzed by a state machine, such as the analysis engine of a malware detection system. The database may include data structures such as one or more master blocks, state sub-blocks, and state co-tables, as well as state transition queues. The modularized architecture may organize the database as one or more stages of the state machine, such that each stage corresponds to a module of the state machine; the module generates results that are stored in its associated state co-table, which in turn provides information for the next stage. Each next stage may depend on one or more prior stages that provide input for execution of the next stage's module. Dependency logic associated with each stage may determine whether the dependency is satisfied and, if so, may insert an action request into the state transition queue for the next stage to invoke the action associated with that stage.

    Platform and method for retroactive reclassification employing a cybersecurity-based global data store

    Publication number: US11271955B2

    Publication date: 2022-03-08

    Application number: US16222501

    Filing date: 2018-12-17

    Applicant: FireEye, Inc.

    Abstract: A system for detecting artifacts associated with a cyber-attack features a cybersecurity intelligence hub remotely located from, and communicatively coupled to, one or more network devices via a network. The hub includes a data store and retroactive reclassification logic. The data store holds meta-information associated with each of a plurality of prior evaluated artifacts, and the meta-information for each such artifact includes a verdict classifying it as malicious or benign. The retroactive reclassification logic is configured to analyze the stored meta-information and either (a) identify whether the verdict associated with a prior evaluated artifact conflicts with trusted cybersecurity intelligence or (b) identify inconsistent verdicts for the same prior evaluated artifact.
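    Both checks named in this abstract, as an added example rather than code from the patent or from FireEye: (a) stored verdicts that contradict a trusted intelligence feed, and (b) the same artifact carrying different verdicts for different devices. The records and the feed are constructed; the tie-break for case (b) when no trusted verdict exists (adopt the most recent verdict) is an assumed policy, not something the abstract specifies.

```python
import copy
from collections import defaultdict

# Constructed meta-information as an intelligence hub's data store might hold it: one record per
# prior evaluation, keyed by artifact hash, with the verdict returned to the submitting device.
STORED_META = [
    {"artifact": "sha256:aaa", "device": "sensor-1", "ts": 100, "verdict": "benign"},
    {"artifact": "sha256:aaa", "device": "sensor-3", "ts": 180, "verdict": "benign"},
    {"artifact": "sha256:bbb", "device": "sensor-2", "ts": 120, "verdict": "malicious"},
    {"artifact": "sha256:ccc", "device": "sensor-1", "ts": 130, "verdict": "benign"},
    {"artifact": "sha256:ccc", "device": "sensor-2", "ts": 150, "verdict": "malicious"},
]

# Constructed trusted intelligence: verdicts the hub now holds with high confidence.
TRUSTED_INTEL = {
    "sha256:aaa": "malicious",   # previously missed by both sensors
    "sha256:bbb": "malicious",   # agrees with the stored verdict
}


def fresh_records():
    """Working copy so the stored list above is never mutated in place."""
    return copy.deepcopy(STORED_META)


def find_conflicts(records, trusted):
    """(a) Stored verdicts that disagree with trusted cybersecurity intelligence."""
    return [r for r in records
            if r["artifact"] in trusted and r["verdict"] != trusted[r["artifact"]]]


def find_inconsistencies(records):
    """(b) Artifacts that received more than one distinct verdict over time."""
    verdicts = defaultdict(set)
    for r in records:
        verdicts[r["artifact"]].add(r["verdict"])
    return {a: sorted(v) for a, v in verdicts.items() if len(v) > 1}


def reclassify(records, trusted):
    """Resolve both cases in place and return one notification per device whose verdict
    changed. Trusted intelligence wins outright; for inconsistent artifacts without trusted
    intelligence the most recent verdict is adopted (assumed tie-break policy)."""
    notifications = []

    def flip(record, new_verdict, reason):
        notifications.append({"device": record["device"], "artifact": record["artifact"],
                              "old": record["verdict"], "new": new_verdict, "reason": reason})
        record["verdict"] = new_verdict

    for r in find_conflicts(records, trusted):
        flip(r, trusted[r["artifact"]], "trusted_intel")
    for artifact in find_inconsistencies(records):
        group = [r for r in records if r["artifact"] == artifact]
        latest = max(group, key=lambda r: r["ts"])["verdict"]
        for r in group:
            if r["verdict"] != latest:
                flip(r, latest, "latest_verdict")
    return notifications


if __name__ == "__main__":
    recs = fresh_records()
    for n in reclassify(recs, TRUSTED_INTEL):
        print(n)
```

    The notifications are the useful output: each one names a network device that acted on a verdict the hub no longer stands behind, which is exactly the set of endpoints that needs a retroactive alert.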

    Platform and method for performing cybersecurity analyses employing an intelligence hub with a modular architecture

    Publication number: US11240275B1

    Publication date: 2022-02-01

    Application number: US16223107

    Filing date: 2018-12-17

    Applicant: FireEye, Inc.

    IPC classification: H04L29/06

    Abstract: A network device for collecting and distributing cybersecurity intelligence features analytics logic and a plurality of plug-ins. The analytics logic is configured to (i) receive a request message to conduct a cybersecurity analysis and (ii) select a plug-in from either a first set or a second set of plug-ins to conduct it. When the analytics logic selects a first plug-in from the first set, the analysis is conducted and completed while the communication session between the first plug-in and the network device that initiated the request remains open. When it selects a second plug-in from the second set, the analysis is conducted and completed, but the resulting cybersecurity intelligence may be returned in response to the request message during a different, subsequent communication session than the one in which the request message was received.
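    The two response patterns in this abstract, as an added model and not code from the patent or from FireEye: a synchronous plug-in answers inside the requesting session, while an asynchronous plug-in returns a ticket and the intelligence is collected in a later session keyed by that ticket. The plug-in names, the routing rule (by request kind) and the ticket format are assumptions for the example.

```python
import itertools


class Session:
    """Constructed model of one request/response exchange with a requesting network device."""
    _ids = itertools.count(1)

    def __init__(self):
        self.id = next(Session._ids)
        self.open = True
        self.response = None

    def reply(self, payload):
        self.response = payload
        self.open = False          # the session closes once a response has been sent


class SyncPlugin:
    """First set: finishes the analysis while the requesting session is still open."""
    name = "hash-lookup"

    def __init__(self, known_hashes):
        self.known = known_hashes

    def handles(self, request):
        return request["kind"] == "hash"

    def run(self, request):
        return {"verdict": self.known.get(request["value"], "unknown")}


class AsyncPlugin:
    """Second set: the analysis outlives the session; the result is collected later by ticket."""
    name = "sandbox-detonation"

    def __init__(self):
        self.pending, self.completed = {}, {}
        self._tickets = itertools.count(1000)

    def handles(self, request):
        return request["kind"] == "file"

    def run(self, request):
        ticket = f"T{next(self._tickets)}"
        self.pending[ticket] = request
        return {"ticket": ticket}

    def finish(self, ticket, verdict):
        """Simulates the detonation completing some time after the first session closed."""
        self.completed[ticket] = {"verdict": verdict, "sample": self.pending.pop(ticket)["value"]}


class AnalyticsLogic:
    def __init__(self, sync_plugins, async_plugins):
        self.sync_plugins, self.async_plugins = sync_plugins, async_plugins

    def handle(self, request, session):
        """First session: route to a plug-in; reply with a result or with a ticket."""
        for p in self.sync_plugins:
            if p.handles(request):
                session.reply({"status": "complete", "plugin": p.name, **p.run(request)})
                return session.response
        for p in self.async_plugins:
            if p.handles(request):
                session.reply({"status": "accepted", "plugin": p.name, **p.run(request)})
                return session.response
        session.reply({"status": "unsupported"})
        return session.response

    def retrieve(self, ticket, session):
        """Subsequent session: hand back the intelligence for an earlier request."""
        for p in self.async_plugins:
            if ticket in p.completed:
                session.reply({"status": "complete", "plugin": p.name, **p.completed[ticket]})
                return session.response
            if ticket in p.pending:
                session.reply({"status": "pending", "ticket": ticket})
                return session.response
        session.reply({"status": "unknown_ticket"})
        return session.response


def run_plugin_scenario():
    hub = AnalyticsLogic([SyncPlugin({"sha256:aaa": "malicious"})], [AsyncPlugin()])
    s1, s2, s3, s4 = Session(), Session(), Session(), Session()
    sync = hub.handle({"kind": "hash", "value": "sha256:aaa"}, s1)
    accepted = hub.handle({"kind": "file", "value": "dropper.exe"}, s2)
    poll = hub.retrieve(accepted["ticket"], s3)            # detonation not done yet
    hub.async_plugins[0].finish(accepted["ticket"], "malicious")
    final = hub.retrieve(accepted["ticket"], s4)           # delivered in a later session
    return {"sync": sync, "accepted": accepted, "poll": poll, "final": final,
            "sessions_closed": [not s.open for s in (s1, s2, s3, s4)]}
```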

    Cluster configuration within a scalable malware detection system

    Publication number: US10785255B1

    Publication date: 2020-09-22

    Application number: US15283128

    Filing date: 2016-09-30

    Applicant: FireEye, Inc.

    IPC classification: H04L29/06

    Abstract: A scalable malware detection system features at least one sensor and a cluster including at least one computing node. The computing node includes an analysis coordination system and an object analysis system. The analysis coordination system, when activated as a broker computing node, (i) receives metadata from a sensor, (ii) analyzes the metadata, and (iii) places at least a portion of the metadata into a data store for subsequent use by the object analysis system in retrieving the suspicious object from the sensor. The object analysis system is configured to (i) retrieve the portion of the metadata, which includes at least a sensor identifier, from the data store, (ii) retrieve the suspicious object from the sensor using at least part of that metadata, and (iii) analyze the suspicious object for malware.
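    The broker/analyzer hand-off in this abstract and the timeout rule from the "Timeout management services" entry above share one data structure, so a single added example covers both; it is illustration code, not the patents' or FireEye's. The sensor, the cluster data store and the clock are modelled in memory, the broker's metadata analysis is reduced to a hash-based duplicate check (an assumed rule), and the object analysis is a placeholder header check.

```python
from collections import deque


class Sensor:
    """Constructed stand-in for a network sensor that keeps suspicious objects until
    a cluster node retrieves them."""
    def __init__(self, sensor_id, objects):
        self.sensor_id = sensor_id
        self.objects = dict(objects)          # object_id -> raw bytes

    def fetch(self, object_id):
        return self.objects.get(object_id)


class DataStore:
    """Cluster-shared store: a FIFO of object identifiers plus the metadata portion per object."""
    def __init__(self):
        self.queue = deque()
        self.metadata = {}
        self.seen_hashes = set()


class BrokerNode:
    """Analysis coordination system of the node currently acting as broker."""
    def __init__(self, store):
        self.store = store

    def receive_metadata(self, sensor_id, meta, now):
        # Metadata analysis step (assumed rule): drop objects the cluster has already queued.
        if meta["sha256"] in self.store.seen_hashes:
            return False
        self.store.seen_hashes.add(meta["sha256"])
        # Only the portion needed for retrieval and timeout tracking goes into the store;
        # the sensor identifier is what lets any object analyzer come back for the object.
        self.store.metadata[meta["object_id"]] = {
            "sensor_id": sensor_id,
            "timeout_sec": meta["timeout_sec"],
            "stored_at": now,
        }
        self.store.queue.append(meta["object_id"])
        return True


class ObjectAnalyzer:
    """Object analysis system: pulls the metadata portion, enforces the timeout, then
    fetches the object from the originating sensor and analyzes it."""
    def __init__(self, store, sensors, analyze):
        self.store, self.sensors, self.analyze = store, sensors, analyze
        self.results, self.timeouts = {}, []

    def run_once(self, now):
        if not self.store.queue:
            return None
        object_id = self.store.queue.popleft()
        portion = self.store.metadata.pop(object_id)
        retained = now - portion["stored_at"]
        if retained > portion["timeout_sec"]:
            # Timeout event: the metadata sat in the store longer than the sensor allowed.
            self.timeouts.append({"object_id": object_id, "sensor_id": portion["sensor_id"],
                                  "retained_sec": retained})
            return "timeout"
        data = self.sensors[portion["sensor_id"]].fetch(object_id)
        if data is None:
            return "missing"
        self.results[object_id] = self.analyze(data)
        return "analyzed"


def naive_verdict(data):
    """Placeholder analysis for the example (constructed rule): flag PE executables."""
    return "suspicious" if data.startswith(b"MZ") else "benign"


def run_broker_scenario():
    """Deterministic walk-through with an injected clock (seconds)."""
    sensor = Sensor("sensor-1", {"obj-1": b"MZ\x90\x00\x03", "obj-2": b"%PDF-1.7\n"})
    store = DataStore()
    broker = BrokerNode(store)
    analyzer = ObjectAnalyzer(store, {"sensor-1": sensor}, naive_verdict)

    accepted = [
        broker.receive_metadata("sensor-1", {"object_id": "obj-1", "sha256": "h1", "timeout_sec": 30}, now=0),
        broker.receive_metadata("sensor-1", {"object_id": "obj-2", "sha256": "h2", "timeout_sec": 300}, now=0),
        broker.receive_metadata("sensor-1", {"object_id": "obj-1b", "sha256": "h1", "timeout_sec": 30}, now=5),
    ]
    # The analyzer only gets to the queue a minute later: obj-1 has exceeded its 30 s budget.
    outcomes = [analyzer.run_once(now=60), analyzer.run_once(now=60), analyzer.run_once(now=60)]
    return {"accepted": accepted, "outcomes": outcomes,
            "results": analyzer.results, "timeouts": analyzer.timeouts}
```

    The timeout is checked before the object is fetched, not after: once the sensor's budget is gone there is no point pulling the object across the network, and the sensor may already have discarded it.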

    Modularized database architecture using vertical partitioning for a state machine
    Status: Granted, in force

    Publication number: US09467460B1

    Publication date: 2016-10-11

    Application number: US14580501

    Filing date: 2014-12-23

    Applicant: FireEye, Inc.

    IPC classification: H04L29/06 G06F17/30

    Abstract: A modularized architecture using vertical partitioning of a database is configured to store object metadata and the processing results of one or more objects analyzed by a state machine, such as the analysis engine of a malware detection system. The database may include a plurality of data structures, such as one or more master blocks, state sub-blocks, and state co-tables, as well as state transition queues. The modularized architecture may organize the database as one or more stages of a state machine, where each stage includes a state sub-block, a state co-table and a state transition queue. The architecture may further organize the database such that each stage corresponds to an action, i.e., a module, of the state machine on the object. The module may process the data structures of its corresponding stage such that the state sub-block receives information from its state transition queue, and the module generates results that are stored in its associated state co-table, which in turn provides information for the next stage.
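    The stage layout described in this entry and in the "Modular architecture for analysis database" entry above, as one added example serving both; it is illustration code, not the patents' or FireEye's. Each stage owns its state sub-block, co-table and transition queue; the master block holds per-object metadata shared by all stages; dependency logic enqueues an action request only once every prior stage the module depends on has a co-table row for the object. The three modules (static, dynamic, verdict) and their rules are constructed.

```python
from collections import deque


class Stage:
    """One vertical partition of the analysis database."""
    def __init__(self, name, module, depends_on=()):
        self.name = name
        self.module = module                 # callable(object_meta, prior_results) -> result row
        self.depends_on = tuple(depends_on)
        self.state_sub_block = {}            # object_id -> "pending" | "done"
        self.co_table = {}                   # object_id -> result row produced by this module
        self.transition_queue = deque()      # action requests awaiting execution


class AnalysisDatabase:
    def __init__(self, stages):
        self.master_block = {}               # object_id -> object metadata shared by all stages
        self.stages = {s.name: s for s in stages}
        self.order = [s.name for s in stages]

    def submit(self, object_id, metadata):
        self.master_block[object_id] = metadata
        self._schedule(object_id)

    def _dependency_satisfied(self, stage, object_id):
        return all(object_id in self.stages[d].co_table for d in stage.depends_on)

    def _schedule(self, object_id):
        """Dependency logic: insert an action request for every stage whose inputs are ready
        and which has not yet been scheduled for this object."""
        for name in self.order:
            stage = self.stages[name]
            if object_id in stage.state_sub_block:
                continue
            if self._dependency_satisfied(stage, object_id):
                stage.state_sub_block[object_id] = "pending"
                stage.transition_queue.append({"action": name, "object_id": object_id})

    def run(self):
        """Drain the transition queues; completing one stage may unlock later ones.
        Returns the number of module invocations performed."""
        steps, progressed = 0, True
        while progressed:
            progressed = False
            for name in self.order:
                stage = self.stages[name]
                while stage.transition_queue:
                    req = stage.transition_queue.popleft()
                    oid = req["object_id"]
                    prior = {d: self.stages[d].co_table[oid] for d in stage.depends_on}
                    stage.co_table[oid] = stage.module(self.master_block[oid], prior)
                    stage.state_sub_block[oid] = "done"
                    self._schedule(oid)
                    steps += 1
                    progressed = True
        return steps


# Constructed modules for a three-stage pipeline.
def static_module(meta, prior):
    return {"file_type": meta["file_type"], "has_macro": meta.get("has_macro", False)}


def dynamic_module(meta, prior):
    # The sandbox image is chosen from the static stage's co-table row: that is the dependency.
    image = "office-vm" if prior["static"]["file_type"] in ("docm", "pdf") else "generic-vm"
    return {"image": image, "behaviors": sorted(meta.get("observed", []))}


def verdict_module(meta, prior):
    s, d = prior["static"], prior["dynamic"]
    malicious = s["has_macro"] and "spawns_shell" in d["behaviors"]
    return {"verdict": "malicious" if malicious else "benign"}


def build_pipeline():
    return AnalysisDatabase([
        Stage("static", static_module),
        Stage("dynamic", dynamic_module, depends_on=("static",)),
        Stage("verdict", verdict_module, depends_on=("static", "dynamic")),
    ])
```

    Because every stage keeps its own co-table, adding a fourth module (say, a reputation lookup) means adding one partition and listing it in the verdict stage's dependencies, with no change to the rows the existing stages write.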